CVE-2018-9107 – Joomla! Component Acymailing Starter 5.9.5 - CSV Macro Injection

https://notcve.org/view.php?id=CVE-2018-9107

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export. Existe inyección CSV (también conocida como Excel Macro Injection o Formula Injection) en la funcionalidad de exportación en la extensión Acyba AcyMailing , en versiones anteriores a la 5.9.6, para Joomla! mediante un valor gestionado de manera incorrecta en una exportación CSV. Joomla Acymailing Starter component version 5.9.5 suffers from a CSV macro injection vulnerability. • https://www.exploit-db.com/exploits/44369 https://vel.joomla.org/articles/2140-introducing-csv-injection https://vel.joomla.org/resolved/2136-acymailing-5-9-5-csv-injection https://www.acyba.com/acymailing/change-log.html • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •